kiwiirc / webircgateway Goto Github PK

View Code? Open in Web Editor NEW

90.0 18.0 35.0 314 KB

⛩ Websocket gateway to IRC networks

License: Apache License 2.0

Go 98.59% Makefile 1.41%

webircgateway's Introduction

webircgateway

A simple http/websocket gateway to IRC networks for any web client

Pre-built binaries can be downloaded from https://kiwiirc.com/downloads/index.html

Features

IRC

WEBIRC support
Hexed IP / static value overrides for IRC username, realname and hostname fields
Automatic encoding/decoding to UTF-8 from the IRCd
Single or multiple IRC server upstreams
Client message-tags for IRC servers that do not have message-tags support

WEB

Automatic Let's Encrypt TLS certificates
Optional HTTP static file serving (handy to serve your web client)
Multiple websocket / transport engine support
- Websockets (/webirc/websocket/)
- SockJS (/webirc/sockjs/)
- Kiwi IRC multi-servers (/webirc/kiwiirc/)
Designed for wide web browser support
HTTP Origin header whitelisting
reCaptcha support

Overview

webircgateway enables web browsers to connect to an IRC network. It does this by acting like a proxy. 1) A web browser connects to it, 2) It then connects to an IRC network, 3) The data between the two connections are then passed back and forth with any required encoding.

Most IRC networks currently do not support websocket connections or will only support native websockets. This causes problems:

Not all browsers support websockets
Many antivirus and firewall software interferes with websocket connections
Many transparent proxies block websocket connections (corporate proxies, hotel wifi access points, etc)
Almost half the internet access is now over mobile connections. These are not as stable as landline connections and will cause a increase in ping timeouts on networks (travelling under a tunnel?)

Further, existing IRC servers that do support native websockets complicate IRC encodings and requires the web client to handle decoding simple text streams, causing bloat and increased CPU usage in the users web browsers while ignoring older browser support.

webircgateway aims to solve these problems by supporting different transport engines to increase browser support and improve connectivity. Web IRC clients still talk the native IRC protocol to webircgateway no matter which transport engine they use.

The kiwiirc transport has been designed to work with kiwiirc to further increase the user facing experience and support multiple IRC connections over the same web connection if applicable. However, other clients may also make use of this transport engine in future.

Introduced commands

Two IRC commands are available to connecting clients. These commands will be processed by webircgateway and not be sent upstream to the IRC server.

ENCODING CP1252 will instruct webircgateway to convert all text to the CP1252 encoding before sending to the IRC server. See below for more information on this.

HOST irc.network.org:6667 signals webircgateway to connect to irc.network.org on port 6667 (+ before the port signifies TLS). This will only succeed if gateway = true in the webircgateway config, otherwise it will be ignored and a connection will be made to the configured IRC server instead.

CAPTCHA captcha-response-code will attempt to verify the client with recaptcha. If 'captcha-response-code' passes recaptcha verification then the clients IRC connection will be started. Otherwise, no IRC connection will be possible.

Encoding / multilingual support

Websockets are required to use UTF-8 encoded messages otherwise the browser will close the connection. To support this, webircgateway will ensure that any messages sent from the IRCd are encoded into UTF-8 before sending them to the browser.

If the IRC network uses an encoding other than UTF-8, the browser may send ENCODING <encoding> which will instruct webircgateway to automatically encode all messages to <encoding> before sending them to the IRC network, and decode messages back to UTF-8 before sending them to the browser.

However, it is highly recommended to use UTF-8 for your network to simplify things!

Security considerations

Allowing anybody to connect to your IRC network via the web can open you up to abuse. It is extremely easy for somebody to place code on a popular website that floods your network and with fake users to spam or harass users.

Take special note of the [allowed_origins] section of the configuration file. If a client from example.com connects to your webircgateway server but example.com is not listed here, the client will be refused and will not be a threat to your network.

If you are running an IRC network irc.network.org and you host your own webchat, you may want to list *.network.org here to only allow clients from your website to connect.

Building and development

webircgateway is built using golang - v1.11 or later is required for Go modules support to automatically acquire dependencies!

https://golang.org/dl/

To download the source:

git clone https://github.com/kiwiirc/webircgateway.git && cd webircgateway

To update your existing source:

git pull

Building from source:

go build

Running

Once compiled and you have a config file set, run ./webircgateway --config=config.conf to start the gateway server. You may reload the configuration file without restarting the server (no downtime!) by sending SIGHUP to the process, kill -1 <pid of webircgateway>. Note that this does not restart any listening servers, a restart is needed for this.

Configuration location

By default the configuration file is looked for in the current directly, ./config.conf. Use the --config parameter to specify a different location.

You may also use a shell command to load your config by prefixing the config option with $ like so: --config="$ curl http://example.com/config.conf". Great if you want to remotely include a config file or load it from a service like etcd.

Note: All filenames within the configuration file are relative to the configuration file itself unless the filename starts with "/" which makes it an absolute path.

Recommendations

To ensure web clients can connect to your network and to try keep some consistency between networks:

Run the webircgateway server over HTTPS. Without it, clients running on HTTPS pages may be blocked from connecting by their browser. You can use https://letsencrypt.org/ for a free signed certificate.
Stick to the default engine paths (eg. /webirc/websocket/) and standard web ports (80, 443 for HTTPS) so that clients will know where to connect to.
Configure WEBIRC for your IRC servers. This will show the users correct hostname on your network so that bans work.
Treat IRC connections made from webircgateway the same as any other IRC connection. Ban evasion and other difficulties arise when networks change web users hostnames / idents. If you must, try setting the users realname field instead.
If your network uses irc.network.org, use ws.network.org to point to your webircgateway.
Disable identd lookups for webircgateway clients. There are no benefits and will only slow the connection down.

License

   Copyright 2017 Kiwi IRC

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.

webircgateway's People

Contributors

Stargazers

Watchers

webircgateway's Issues

IPV6

How prevent ipv6 from connectivity through .conf?

Allow serving of kiwiirc config.json

Serving the kiwiirc config.json file will allow some config options such as kiwiServer to be automatically generated and the awkward symlink for the file to be removed in built packages.

KiwiBNC does something smilar which works well: https://github.com/kiwiirc/kiwibnc/blob/master/config.ini#L32

Kiwiirc-dev user killed by recvq causes all kiwiirc-dev users to disconnect

A user was killed for exceeding recvq on an irc network I run, and it caused every user on all servers that were connected through kiwiirc to quit with the the quit message of "Connection closed"

Below is the snomask log. This is on inspircd 2.0.25.

03:18:59:47 <cadance.canternet.org> QUIT: Client exiting: xrago!xrago@<redacted> (<redacted>) [RecvQ exceeded]

03:18:59:47 <cadance.canternet.org> ANNOUNCEMENT: User xrago RecvQ of 8411 exceeds connect class maximum of 8192

03:18:59:47 <cadance.canternet.org> QUIT: Client exiting: enthum!enthum@<redacted> (<redacted>) [Connection closed]

... <more kiwiirc dev version users on cadance.canternet.org> ...

03:18:59:48 <discord.canternet.org> QUIT: Client exiting: kitten_1!kitten_1@<redacted> (<redacted>) [Connection closed]

... <more kiwiirc dev version users on discord.canternet.org> ...

03:18:59:48 <chrysalis.canternet.org> QUIT: Client exiting: kitten_3828!kitten_38@<redacted> (<redacted>) [Connection closed]

Only last RPL_WHOISCHANNELS line is interpreted

When a user is in many channels it is possible that the ircd responses with multiple RPL_WHOISCHANNELS lines. kiwiirc/webircgateway only interprets the last receives line, which ends in incomplete channels lists when whoising users

:morgan.hackint.org 319 test_tmp test_tmp :@#test61 @#test60 @#test59 @#test58 @#test57 @#test56 @#test55 @#test53 @#test52 @#test50 @#test49 @#test47 @#test46 @#test45 @#test44 @#test43 @#test42 @#test41 @#test40 @#test39 @#test38 @#test37 @#test36 @#test35 @#test34 @#test33 @#test31 @#test30 @#test29 @#test28 @#test27 @#test26 @#test25 @#test24 @#test23 @#test22 @#test21 @#test20 @#test19 @#test18 @#test17 @#test16 @#test15 @#test14 @#test13 @#test12 @#test11 @#test10 @#test9 
 >> :morgan.hackint.org 319 test_tmp test_tmp :@#test8 @#test7 @#test6 @#test5 @#test4 @#test3 @#test2 @#test1

In this example only "@#test8 @#test7 @#test6 @#test5 @#test4 @#test3 @#test2 @#test1" are listed by kiwiirc

unix sockets directory path creation

At the moment the unix socket does not attempt to create the preceding directories, for people using the init.d script and running as root this could be handy.

for people not running as root, the best solution is to have systemd create the preceding directories with the correct permissions

HTTP origin restriction

An option to only allow connections from a specific browser origin to prevent mass flooding. HTTP origin header

No error message on wrong letsencrypt cache folder

The new let's encrypt code now use a directory for the cache instead of a single file.

Therefore this line in the config file letsencrypt_cache = letsencrypt.cache from the old version should be changed to something like letsencrypt_cache = ./<folder name> or an error will be printed.

However in this case, no error is printed.
KiwiIRC exists with error code 1, and only print Using config <config file>

Trim the period from the reverse DNS lookup

https://github.com/kiwiirc/webircgateway/blob/master/src/clientKiwiirc.go#L38

webircgateway doesn't send ircd password correctly if the password contains a '#' character

If the ircd password is 'abc#def', webircgateway sends the password as 'abc'
Escaping # with a backslash in webircgateway config doesn't work. 'abc\#def' will be sent to ircd as 'abc\'
It looks like that webircgateway considers any # character as a comment even if it is in the middle of the line or between quotes, while it should only do that if # character is at the beginning of the line.

I am using unrealircd, webircgateway compiled from master branch.

Thank you

[Feature] Whitelist for gateway mode

Create a whitelist system so when in gateway mode it can be limited to preapproved servers, but also include the current functionality of any server.

TLS server problem for SSL

I have a problem with the server tls here is my configuration:

# Example TLS server
[server.2]
bind = "chat.tchatirc.fr"
port = 9001
tls = true
cert = server.crt
key = server.key
letsencrypt_cache = ./certs

but when I restart the server I have the following error:

2020/01/28 10:00:11.686738 L_INFO Serving files from /home/kiwiirc/kiwiirc_linux_amd64/www
2020/01/28 10:00:11.689361 L_INFO Listening on 178.170*.*:9000
2020/01/28 10:00:11.689503 L_INFO Listening with letsencrypt TLS on chat.tchatirc.fr:9001
2020/01/28 10:00:19.986293 L_INFO Automatically requesting a HTTPS certificate for chat.tchatirc.fr
2020/01/28 10:00:21.474073 http: TLS handshake error from 82.252.*.*:182: 403 urn:acme:error:unauthorized: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details.
2020/01/28 10:00:21.474254 http: TLS handshake error from 82.252.*.*:181: acme/autocert: missing certificate

how can i fix this please

Force encoding to UTF8 before sending data to the websocket

Allow configuration of the gateway name.

InspIRCd 3.0 allows filtering of WebIRC gateways into connect classes by the gateway name sent in WEBIRC. Currently webircgateway hardcodes this value as websocketgateway. It would be useful if users of webircgateway could configure this value to allow server operators to filter connections into appropriate connect classes.

[Suggestion]: Add a unique ID variable for better tracking

Hello,

I see that feature has been requested a lot of times by a lot of users (plus me), it can be a useful addition because it will solve either some spammers situations, like even if someone changing his IP or switching browsers he would not be able to connect/join on the network/channel from his PC if using that feature, serious networks supporting realname bans either.

Creating a way on WIG to allow set %d under [Clients] that would be a unique ID of that PC, that this Unique ID could be a combination with Environment Variables of the system or something more clever.

Config Example:

[Clients]
username = "%d"

[Clients]
realname = "Personal ID: %d"

[Clients]
hostname = "my.personal.%d.id"

Thanks!

SASL auth required (Libera.chat)

Documentation for SASL authentication is needed to understand how to connect on libera.chat servers using TLS 1.3 (aka forward secrecy). In contrast webirc connections to irc.freenode.net in tcp4 mode works as expected using kiwiirc transport (tls=false).

However inbound connections to libera.chat servers result in the following error message:

Closing Link: open-neurosecurity.org (SASL authentication to a NickServ account with a verified email address is required to connect from your current network. Please see https://libera.chat/guides/sasl for configuration assistance.

$ sudo systemctl status webircgateway

webircgateway
     Loaded: loaded (/lib/systemd/system/webircgateway.service; enabled; preset: enabled)
     Active: active (running) since Sun 2023-11-05 04:23:31 EST; 20min ago
   Main PID: 1141544 (webircgateway)
      Tasks: 7 (limit: 4652)
     Memory: 2.2M
        CPU: 37ms
     CGroup: /system.slice/webircgateway.service
             └─1141544 /usr/local/sbin/webircgateway --config=/etc/webircgateway/config.conf

Nov 05 04:23:42 open-neurosecurity.org webircgateway[1141544]: 2023/11/05 04:23:42.479564 L_DEBUG client:2 signal:data :molybdenum.libera.chat NOTICE guest11 :*** Notice -- SASL authentication to a NickServ account with a verified email address is required to connect from your current network. Please see https://libera.chat/guides/sasl for configuration assistance.
Nov 05 04:23:42 open-neurosecurity.org webircgateway[1141544]: 2023/11/05 04:23:42.479716 L_DEBUG client:2 in .UpstreamRecv
Nov 05 04:23:42 open-neurosecurity.org webircgateway[1141544]: 2023/11/05 04:23:42.479722 L_DEBUG client:2 Traffic (Upstream->) ERROR :Closing Link: open-neurosecurity.org (SASL authentication to a NickServ account with a verified email address is required to connect from your current network.

Support using a client certificate for upstream TLS connections

It would need adding to the ConfigUpstream struct so that plugins can modify it as needed

Browsers implementing CORB blocks access to webirc gateways

Browsers have with recent updates begun to default to enabling CORB. This can cause problems with webirc gateways, as the server does not send Origin headers. This makes the Kiwi client silently fail after clicking Connect; the error is only evident in the console.

A possible solution is to enable such headers to be added in the config file, or tied to the domain whitelist already there.

Example block message from console:
Failed to load https://example.com:4443/webirc/kiwi/info?t=1538813226441: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://other.example.com' is therefore not allowed access.
abstract-xhr.js:132 Cross-Origin Read Blocking (CORB) blocked cross-origin response https://example.com:4443/webirc/kiwi/info?t=1538813226441 with MIME type text/plain. See https://www.chromestatus.com/feature/5629709824032768 for more details.
r._start @ abstract-xhr.js:132
(anonymous) @ abstract-xhr.js:21
setTimeout (async)
r @ abstract-xhr.js:20
r @ xhr-cors.js:8
r @ info-ajax.js:19
r._getReceiver @ info-receiver.js:39
r.doXhr @ info-receiver.js:56
(anonymous) @ info-receiver.js:25
setTimeout (async)
r @ info-receiver.js:24
r @ main.js:121
n.reconnect.n.connect @ ServerConnection.js:60
r.connect @ ServerConnection.js:182
value @ browser.js:8
value @ browser.js:8
s.connect @ IrcClient.js:100
startUp @ Welcome.vue?4f7d:180
n @ vue.common.js:193
formSubmit @ Welcome.vue?4f7d:122
n @ vue.common.js:192
submit @ Welcome.vue?7742:1
e @ vue.common.js:2006
t._withTask.t._withTask @ vue.common.js:1804

problem whois Secure Connection

[11:58] -voila.tchat.chat- connect.LOCAL_CLIENT_CONNECT [info] Client connecting: jackbot ([email protected]) [162.158.149.155] [vhost: DC518AFD.37BB1BF0.911BF5D8.IP] [class: clients] [secure: TLSv1.3-TLS_CHACHA20_POLY1305_SHA256] [country: TN] [reputation: 6] [security-groups: unknown-users,webirc-users,tls-and-known-users,tls-users]

[11:58] jackbot is [email protected] * 33 F Tunisie
[11:58] jackbot is using modes +iwx
[11:58] jackbot is connecting from *@162.158.149.155 162.158.149.155
[11:58] jackbot on #tunisie #accueil
[11:58] jackbot using voila.tchat.chat tchat
[11:58] jackbot is in security-groups: unknown-users,webirc-users,tls-and-known-users,tls-users
[11:58] jackbot is using an IP with a reputation score of 6
[11:58] jackbot is connecting from Tunisia (TN)
[11:58] jackbot has been idle 3secs, signed on Wed Jul 31 11:58:54 2024
[11:58] jackbot End of /WHOIS list.

This tag does not appear. ---> using a Secure Connection [TLSv1.3-TLS_CHACHA20_POLY1305_SHA256]

IdentD support

IP database integration. Is it possible via plugin?

Hi, I want to integrate Maxmind's GeoLite2 IP database and:

detect client country
introduce new placeholder for country value in realname field.

Could you clarify if such extension is possible via plugins functionality, please?

Config option to enable full debug output for clients on a set remote addr

[Feature]: Allow wig logs to be ported on a file instead on console

Hello,

It would be nice to have an option under config to be able to place any wig log on a file.

Example:

# Log all outputs on a file
logFile = "/var/log/webircgateway.log"

Thanks!

Start using dep

TLS server support

TLS servers are currently ignored.

Fails to connect when CAP LS only contains unneeded caps and message-tags is injected

ircd do not reliably reply to empty CAP REQ so the ACK cannot be injected with message-tags, causing registration timeout

2019/05/13 13:10:56.738219 L_INFO Listening on 127.0.0.1:8001
2019/05/13 13:10:57.531062 L_INFO client:2 New kiwiirc channel on localhost:8001 from 127.0.0.1 127.0.0.1
2019/05/13 13:10:57.534059 L_DEBUG client:2 ws->: HOST vps648511.ovh.net:6667
2019/05/13 13:10:57.534059 L_DEBUG client:2 ws->: ENCODING utf8
2019/05/13 13:10:57.534059 L_DEBUG client:2 Set encoding to utf8
2019/05/13 13:10:57.540054 L_DEBUG client:2 ws->: CAP LS 302
2019/05/13 13:10:57.540054 L_DEBUG client:2 Enabling client Messagetags feature
2019/05/13 13:10:57.542051 L_DEBUG client:2 ws->: NICK kiwi-n40
2019/05/13 13:10:57.543050 L_DEBUG client:2 ws->: USER kiwi-n40 0 * https://kiwiirc.com/
2019/05/13 13:10:57.543050 L_INFO client:2 Using client given upstream
2019/05/13 13:10:57.572028 L_DEBUG client:2 No webirc to send
2019/05/13 13:10:57.572028 L_DEBUG client:2 ->upstream: CAP LS 302
2019/05/13 13:10:57.572028 L_DEBUG client:2 ->upstream: NICK kiwi-n40
2019/05/13 13:10:57.572028 L_DEBUG client:2 signal:state connected
2019/05/13 13:10:57.572028 L_DEBUG client:2 ->upstream: USER 7f000001 0 * :https://kiwiirc.com/
2019/05/13 13:10:57.595006 L_DEBUG client:2 upstream->: :irc.example.org NOTICE Auth :*** Looking up your hostname...
2019/05/13 13:10:57.595006 L_DEBUG client:2 signal:data :irc.example.org NOTICE Auth :*** Looking up your hostname...
2019/05/13 13:10:57.659020 L_DEBUG client:2 upstream->: :irc.example.org NOTICE Auth :*** Found your hostname (cpc113492-wiga15-2-0-cust407.18-3.cable.virginm.net)
2019/05/13 13:10:57.659020 L_DEBUG client:2 upstream->: :irc.example.org CAP 867AAAAAA LS :sasl
2019/05/13 13:10:57.659020 L_DEBUG client:2 signal:data :irc.example.org NOTICE Auth :*** Found your hostname (cpc113492-wiga15-2-0-cust407.18-3.cable.virginm.net)
2019/05/13 13:10:57.659020 L_DEBUG client:2 signal:data :irc.example.org CAP 867AAAAAA LS :sasl message-tags
2019/05/13 13:10:57.665022 L_DEBUG client:2 ws->: CAP REQ :message-tags
2019/05/13 13:10:57.665022 L_DEBUG client:2 ->upstream: CAP REQ 
2019/05/13 13:11:08.699815 L_DEBUG client:2 upstream->: ERROR :Closing link: ([email protected]) [Registration timeout]
2019/05/13 13:11:08.699815 L_DEBUG client:2 signal:data ERROR :Closing link: ([email protected]) [Registration timeout]
2019/05/13 13:11:08.700813 L_DEBUG client:2 StartShutdown(upstream_closed) ShuttingDown=false
2019/05/13 13:11:08.700813 L_INFO client:2 Upstream closed the connection
2019/05/13 13:11:08.700813 L_DEBUG client:2 signal:state closed
2019/05/13 13:11:08.700813 L_INFO client:2 Removing channel from connection
2019/05/13 13:11:08.700813 L_DEBUG client:2 clientLineWorker() client.Recv closed
2019/05/13 13:11:08.700813 L_DEBUG client:2 connectUpstream() client.UpstreamSend closed

DNSBL support

High cpu usage when message-tags add by gateway

@H7-25 Using features like type notify increase a lot cpu usage when the ircd don't support msgtags

issue moved from kiwiirc/kiwiirc#958

Add option to force http to https redirection

Fatal crash on high load

Log output:

fatal error: concurrent map read and map write2017/06/08 12:26:33 L_DEBUG client:1438 clientLineWorker() client.Recv closed


goroutine 43587 [running]:
runtime.throw(0x8cb172, 0x21)
        /usr/local/Cellar/go/1.8/libexec/src/runtime/panic.go:596 +0x95 fp=0xc422ef0708 sp=0xc422ef06e8
runtime.mapaccess1_faststr(0x83bb20, 0xc4226c40c0, 0xc422eae7bb, 0x1, 0xc4200100a0)
        /usr/local/Cellar/go/1.8/libexec/src/runtime/hashmap_fast.go:217 +0x4cf fp=0xc422ef0768 sp=0xc422ef0708
github.com/kiwiirc/webircgateway/pkg/webircgateway.kiwiircHandler.func1.1(0xc422123f80, 0xc4226c40c0, 0xc422eae7bb, 0x1)
        /Users/darren/go/src/github.com/kiwiirc/webircgateway/pkg/webircgateway/clientKiwiirc.go:124 +0x76 fp=0xc422ef07c0 sp=0xc422ef0768
runtime.goexit()
        /usr/local/Cellar/go/1.8/libexec/src/runtime/asm_amd64.s:2197 +0x1 fp=0xc422ef07c8 sp=0xc422ef07c0
created by github.com/kiwiirc/webircgateway/pkg/webircgateway.kiwiircHandler.func1
        /Users/darren/go/src/github.com/kiwiirc/webircgateway/pkg/webircgateway/clientKiwiirc.go:126 +0x54c

recaptcha malfunction does not notifiy the client

If an invalid recaptcha_key is entered the client just times out without any errors

just testing locally and the gateway has timed out without even notifying the client (perpetual connecting spinner)

I suspect this could also be an issue in other failure states

Host cloaking option in addition to %h and %i for username / realname.

I am in the process of testing this new version of Kiwi and a security concern came up as the options %h and %i for username and realname would leak a user's Internet address. One of the questions that came up is is there a way to implement cloaking similar to how ircds handle it so that these would be predictable for banning purposes but not fully expose a user.

I'm sure many ircds do this in different ways but heres one implementation: https://github.com/evilnet/nefarious2/blob/master/ircd/ircd_cloaking.c

Websocket connection randomly crashes

This is due to intermediate servers (proxies) randomly drop TCP connections.

I propose solution to add socket.io transport.

Golang minimum version is 1.13 and not 1.11

Documentation says that golang 1.11 or later is need, but when trying to build on my server I got this error :

go build golang.org/x/text/unicode/norm: /usr/lib/go-1.11/pkg/tool/linux_amd64/compile: signal: killed
go build golang.org/x/text/encoding/japanese: /usr/lib/go-1.11/pkg/tool/linux_amd64/compile: signal: killed
go build golang.org/x/text/encoding/simplifiedchinese: /usr/lib/go-1.11/pkg/tool/linux_amd64/compile: signal: killed
# github.com/kiwiirc/webircgateway/pkg/dnsbl
pkg/dnsbl/dnsbl.go:55:16: undefined: strings.ReplaceAll
note: module requires Go 1.13

Please update the documentation ;)

Reload certificates on config reload

To be aware of new certificates webircgateway requires restart.

It would be nice to reload certificates (cert/ca) on config reload.

E.g. Let's encrypt certificates are renewed every 3 months, so this needs restarting webircgateway every time.

This seems related to #2.

unix domain socket support

I'd be excited about support for UNIX domain sockets in both directions:

as the listen socket for webircgateway
as the upstream ircd socket that it connects to (as of ergochat/ergo#187, oragono's trunk supports listening on a UNIX domain socket)

Make sure BUFFERTOKEN returns a token that can be used for jitsi meet

Reverse and forward DNS checks

Test config file before applying on reload

protocol = tcp4 not working in config.conf

on a self hosted install of kiwiirc from kiwiirc_20.05.24.1-1_amd64.deb on ubuntu

issue with gateway to ircd connection, gateway was by default selecting an ipv6 off server

tried to force ipv4 with

protocol = tcp4 in [upstream.1]

made no difference and still coming in on ipv6

shalom

Preacher

KiwiIRC gets 403 Forbidden from websocket path

Today I noticed that Kiwi IRC can't connect to the websocket path. It gets rejected with 403 Forbidden and than falls back to XHR streaming.
I double checked with an direct connection to an running webircgateway without reverse proxy in front.
Unfortunately I can't see anything in the gateway log even with debug log level. Compiled in Docker with latest golang Image.

Request:
GET /webirc/kiwiirc/542/kewliq41/websocket HTTP/1.1
Host: 127.0.0.1:8067
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0
Accept: */*
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
Sec-WebSocket-Version: 13
Origin: https://kiwi.x.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: i3sD0pWgf34x6tYHmNyppg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

Answer:
HTTP/1.1 403 Forbidden
Content-Type: text/plain; charset=utf-8
Sec-Websocket-Version: 13
X-Content-Type-Options: nosniff
Date: Fri, 10 Dec 2021 09:53:28 GMT
Content-Length: 10